1 8 package org.apache.avalon.phoenix.components.classloader; 9 10 import java.io.File ; 11 import java.io.InputStream ; 12 import java.lang.reflect.Constructor ; 13 import java.net.MalformedURLException ; 14 import java.net.URL ; 15 import java.security.KeyStore ; 16 import java.security.KeyStoreException ; 17 import java.security.Permission ; 18 import java.security.Permissions ; 19 import java.security.UnresolvedPermission ; 20 import java.security.cert.Certificate ; 21 import java.util.ArrayList ; 22 import java.util.HashMap ; 23 import java.util.PropertyPermission ; 24 import java.util.StringTokenizer ; 25 import org.apache.avalon.excalibur.i18n.ResourceManager; 26 import org.apache.avalon.excalibur.i18n.Resources; 27 import org.apache.avalon.framework.configuration.Configurable; 28 import org.apache.avalon.framework.configuration.Configuration; 29 import org.apache.avalon.framework.configuration.ConfigurationException; 30 import org.apache.avalon.framework.context.DefaultContext; 31 import org.apache.avalon.phoenix.components.util.ResourceUtil; 32 33 38 class DefaultPolicy 39 extends AbstractPolicy 40 implements Configurable 41 { 42 private static final Resources REZ = 43 ResourceManager.getPackageResources( DefaultPolicy.class ); 44 45 private final File m_baseDirectory; 46 47 private final File m_workDirectory; 48 49 private DefaultContext m_context; 50 51 protected DefaultPolicy( final File baseDirectory, 52 final File workDirectory ) 53 { 54 final HashMap map = new HashMap (); 55 map.putAll( System.getProperties() ); 56 m_context = new DefaultContext( map ); 57 m_context.put( "/", File.separator ); 58 m_context.put( "app.home", baseDirectory ); 59 m_workDirectory = workDirectory; 60 m_baseDirectory = baseDirectory; 61 } 62 63 public void configure( final Configuration configuration ) 64 throws ConfigurationException 65 { 66 setupDefaultPermissions(); 67 68 final Configuration[] keyStoreConfigurations = configuration.getChildren( "keystore" ); 69 final HashMap keyStores = configureKeyStores( keyStoreConfigurations ); 70 71 final Configuration[] grants = configuration.getChildren( "grant" ); 72 if( 0 != grants.length ) 73 { 74 configureGrants( grants, keyStores ); 75 } 76 else 77 { 78 final String message = 79 REZ.getString( "policy.notice.full-perms" ); 80 getLogger().info( message ); 81 final Permissions permissions = createPermissionSetFor( getInclusiveURL(), null ); 82 permissions.add( new java.security.AllPermission () ); 83 } 84 } 85 86 private URL getInclusiveURL() 87 { 88 try 89 { 90 return new URL ( "file:/-" ); 91 } 92 catch( final MalformedURLException mue ) 93 { 94 return null; 96 } 97 } 98 99 private void setupDefaultPermissions() 100 { 101 final Permissions permissions = createPermissionSetFor( getInclusiveURL(), null ); 103 104 permissions.add( new PropertyPermission ( "os.name", "read" ) ); 105 permissions.add( new PropertyPermission ( "os.arch", "read" ) ); 106 permissions.add( new PropertyPermission ( "os.version", "read" ) ); 107 permissions.add( new PropertyPermission ( "file.separator", "read" ) ); 108 permissions.add( new PropertyPermission ( "path.separator", "read" ) ); 109 permissions.add( new PropertyPermission ( "line.separator", "read" ) ); 110 111 permissions.add( new PropertyPermission ( "java.version", "read" ) ); 112 permissions.add( new PropertyPermission ( "java.vendor", "read" ) ); 113 permissions.add( new PropertyPermission ( "java.vendor.url", "read" ) ); 114 115 permissions.add( new PropertyPermission ( "java.class.version", "read" ) ); 116 permissions.add( new PropertyPermission ( "java.vm.version", "read" ) ); 117 permissions.add( new PropertyPermission ( "java.vm.vendor", "read" ) ); 118 permissions.add( new PropertyPermission ( "java.vm.name", "read" ) ); 119 120 permissions.add( new PropertyPermission ( "java.specification.version", "read" ) ); 121 permissions.add( new PropertyPermission ( "java.specification.vendor", "read" ) ); 122 permissions.add( new PropertyPermission ( "java.specification.name", "read" ) ); 123 permissions.add( new PropertyPermission ( "java.vm.specification.version", "read" ) ); 124 permissions.add( new PropertyPermission ( "java.vm.specification.vendor", "read" ) ); 125 permissions.add( new PropertyPermission ( "java.vm.specification.name", "read" ) ); 126 } 127 128 private HashMap configureKeyStores( final Configuration[] configurations ) 129 throws ConfigurationException 130 { 131 final HashMap keyStores = new HashMap (); 132 133 for( int i = 0; i < configurations.length; i++ ) 134 { 135 final Configuration configuration = configurations[ i ]; 136 final String type = configuration.getAttribute( "type" ); 137 final String location = configuration.getAttribute( "location" ); 138 final String name = configuration.getAttribute( "name" ); 139 140 try 141 { 142 final KeyStore keyStore = KeyStore.getInstance( type ); 143 final URL url = new URL ( location ); 144 final InputStream ins = url.openStream(); 145 146 keyStore.load( ins, null ); 147 148 keyStores.put( name, keyStore ); 149 } 150 catch( final Exception e ) 151 { 152 final String message = REZ.getString( "policy.error.keystore.config", name ); 153 throw new ConfigurationException( message, e ); 154 } 155 } 156 157 return keyStores; 158 } 159 160 private void configureGrants( final Configuration[] configurations, 161 final HashMap keyStores ) 162 throws ConfigurationException 163 { 164 for( int i = 0; i < configurations.length; i++ ) 165 { 166 configureGrant( configurations[ i ], keyStores ); 167 } 168 } 169 170 private void configureGrant( final Configuration configuration, final HashMap keyStores ) 171 throws ConfigurationException 172 { 173 177 final String signedBy = configuration.getAttribute( "signed-by", null ); 178 final String keyStoreName = configuration.getAttribute( "key-store", null ); 179 180 String codeBase = configuration.getAttribute( "code-base", null ); 181 if( null != codeBase ) 182 { 183 codeBase = expand( codeBase ); 184 codeBase = ResourceUtil.expandSarURL( codeBase, 185 m_baseDirectory, 186 m_workDirectory ); 187 } 188 189 final Certificate [] signers = getSigners( signedBy, keyStoreName, keyStores ); 190 191 Permissions permissions = null; 192 193 try 194 { 195 permissions = createPermissionSetFor( codeBase, signers ); 196 } 197 catch( final MalformedURLException mue ) 198 { 199 final String message = REZ.getString( "policy.error.codebase.malformed", codeBase ); 200 throw new ConfigurationException( message, mue ); 201 } 202 203 configurePermissions( configuration.getChildren( "permission" ), 204 permissions, 205 keyStores ); 206 } 207 208 private void configurePermissions( final Configuration[] configurations, 209 final Permissions permissions, 210 final HashMap keyStores ) 211 throws ConfigurationException 212 { 213 for( int i = 0; i < configurations.length; i++ ) 214 { 215 configurePermission( configurations[ i ], permissions, keyStores ); 216 } 217 } 218 219 private void configurePermission( final Configuration configuration, 220 final Permissions permissions, 221 final HashMap keyStores ) 222 throws ConfigurationException 223 { 224 final String type = configuration.getAttribute( "class" ); 225 final String actions = configuration.getAttribute( "actions", null ); 226 final String signedBy = configuration.getAttribute( "signed-by", null ); 227 final String keyStoreName = configuration.getAttribute( "key-store", null ); 228 229 String target = configuration.getAttribute( "target", null ); 230 if( null != target ) 231 { 232 target = expand( target ); 233 } 234 235 final Certificate [] signers = getSigners( signedBy, keyStoreName, keyStores ); 236 final Permission permission = createPermission( type, target, actions, signers ); 237 238 permissions.add( permission ); 239 } 240 241 private String expand( final String value ) 242 throws ConfigurationException 243 { 244 try 245 { 246 final Object resolvedValue = PropertyUtil.resolveProperty( value, m_context, false ); 247 return resolvedValue.toString(); 248 } 249 catch( final Exception e ) 250 { 251 final String message = REZ.getString( "policy.error.property.resolve", value ); 252 throw new ConfigurationException( message, e ); 253 } 254 } 255 256 private Permission createPermission( final String type, 257 final String target, 258 final String actions, 259 final Certificate [] signers ) 260 throws ConfigurationException 261 { 262 if( null != signers ) 263 { 264 return createUnresolvedPermission( type, target, actions, signers ); 265 } 266 267 try 268 { 269 final Class c = Class.forName( type ); 270 271 Class paramClasses[] = null; 272 Object params[] = null; 273 274 if( null == actions && null == target ) 275 { 276 paramClasses = new Class [ 0 ]; 277 params = new Object [ 0 ]; 278 } 279 else if( null == actions ) 280 { 281 paramClasses = new Class [ 1 ]; 282 paramClasses[ 0 ] = String .class; 283 params = new Object [ 1 ]; 284 params[ 0 ] = target; 285 } 286 else 287 { 288 paramClasses = new Class [ 2 ]; 289 paramClasses[ 0 ] = String .class; 290 paramClasses[ 1 ] = String .class; 291 params = new Object [ 2 ]; 292 params[ 0 ] = target; 293 params[ 1 ] = actions; 294 } 295 296 final Constructor constructor = c.getConstructor( paramClasses ); 297 final Object o = constructor.newInstance( params ); 298 return (Permission )o; 299 } 300 catch( final ClassNotFoundException cnfe ) 301 { 302 return createUnresolvedPermission( type, target, actions, signers ); 303 } 304 catch( final Exception e ) 305 { 306 final String message = REZ.getString( "policy.error.permission.create", type ); 307 throw new ConfigurationException( message, e ); 308 } 309 } 310 311 private Permission createUnresolvedPermission( final String type, 312 final String target, 313 final String actions, 314 final Certificate [] signers ) 315 { 316 return new UnresolvedPermission ( type, target, actions, signers ); 317 } 318 319 private Certificate [] getSigners( final String signedBy, 320 String keyStoreName, 321 final HashMap keyStores ) 322 throws ConfigurationException 323 { 324 if( null != signedBy && null == keyStoreName ) 325 { 326 keyStoreName = "default"; 327 } 328 329 Certificate [] signers = null; 330 331 if( null != signedBy ) 332 { 333 signers = getCertificates( signedBy, keyStoreName, keyStores ); 334 } 335 336 return signers; 337 } 338 339 private Certificate [] getCertificates( final String signedBy, 340 final String keyStoreName, 341 final HashMap keyStores ) 342 throws ConfigurationException 343 { 344 final KeyStore keyStore = (KeyStore )keyStores.get( keyStoreName ); 345 346 if( null == keyStore ) 347 { 348 final String message = REZ.getString( "policy.error.keystore.aquire", keyStoreName ); 349 throw new ConfigurationException( message ); 350 } 351 352 final ArrayList certificateSet = new ArrayList (); 353 354 final StringTokenizer tokenizer = new StringTokenizer ( signedBy, "," ); 355 356 while( tokenizer.hasMoreTokens() ) 357 { 358 final String alias = ((String )tokenizer.nextToken()).trim(); 359 Certificate certificate = null; 360 361 try 362 { 363 certificate = keyStore.getCertificate( alias ); 364 } 365 catch( final KeyStoreException kse ) 366 { 367 final String message = REZ.getString( "policy.error.certificate.aquire", alias ); 368 throw new ConfigurationException( message, kse ); 369 } 370 371 if( null == certificate ) 372 { 373 final String message = 374 REZ.getString( "policy.error.alias.missing", 375 alias, 376 keyStoreName ); 377 throw new ConfigurationException( message ); 378 } 379 380 if( !certificateSet.contains( certificate ) ) 381 { 382 certificateSet.add( certificate ); 383 } 384 } 385 386 return (Certificate [])certificateSet.toArray( new Certificate [ 0 ] ); 387 } 388 } 389 | Popular Tags |